io_crypt - encrypt your photos while you shoot them

[g3gg0]

Status: experimental, need your testing!

Short description:
io_crypt is a module which automatically encrypts .CR2 and .JPG while you shoot them.
The original file content is never written to card, so there is no way to restore the image content by reading the raw sectors etc.
You can choose between different modes and security levels.
This was formerly discussed there and was requested already a few times.

Detailed description:
This module hooks the file-io operations for your SD and CF card and places custom read/write routines instead.
These custom r/w operations encrypt your file content before the card's real write handler is being called.
For you there is no additional task to do after you shot the image - just shoot as usual and your files are encrypted.

There are two possible modes:
 - Password
    Before you shoot images, you have to enter a password which is being used for all images
    The password gets fed into a LFSR (Linear Feedback Shift Register) to shuffle the bits and get a 64 bit file key.
    advantage: you can enter different keys, one per "session" or "access level" and share them accordingly
    disadvantage: you have to enter the key every time you power on the camera (storing is insecure of course)

 - RSA
    Before you start your shooting, you create a RSA public/private key pair via menu.
    (edit: this takes up to 10 minutes with a 4096 bit key!!)
    Then you copy the private key from your card (ML/DATA/IO_CRYPT.KEY), store it at a safe place and delete it from your card (!!).
    You need the private key only for decrypting (on computer), the public key only for encrypting (on camera)
    With the internal PRNG for every image a separate file key is being generated and encrypted using RSA.
    advantage: no password must be entered, power on and shoot. every image has a different, random "password"
    disadvantage: you have to prepare yourself a bit by copying and deleting the encryption keys correctly

In both modes, the file content is being encrypted using a XOR operation with the output of a 64-bit LFSR that was pre-loaded with the file key and the current block numver.
To make random access feasible and the encryption fast enough, the keys are used blockwise.
This obviously weakens encryption a lot and makes it possible to recover the 64 bit block encryption key using known plaintext attacks.
The good thing - know plaintext attacks are only suitable for file content that has a predictable pattern, like the file header.

Still the encryption i implemented is *not* military grade. Although it is (imho) safe enough for a normal individual.

Options:
    Blocksize
    The block size that is being encrypted with the same 64 bit key.
    larger is faster, but insecure. smaller values slow down saving. choose.
   
    Ask for password on startup
    If you are in Password mode, camera will ask for password right after poweron.
    When disabled, you have to enter the menu manually and set the key - else no pictures will be encrypted.

    RSA Keysize
    Choose the largest value that you can tolerate. The larger the size, the longer generating will take (up to 10 minutes...).
    Also saving will slow down a bit with larger keys


Image review:
Canon caches the images you have shot until you poweroff the camera or the memory gets full (5-10 images).
As long the images are in cache, you can review it without any problem, even if you change the key.

In RSA-Mode you currently *not* review images other than those in cache. Not sure if i will implement it at all.
In Password mode, you can view images when you set the correct password.

Decryption:
After you copied the files onto your computer, you can decrypt it with io_decrypt which is (not yet) avaiable precompiled, but you can get from the repository.

./io_decrypt <in_file> [out_file] [password]

If you want to decrypt password protected files (LFSR64), you have to supply the encryption password on commandline.
For RSA encrypted files, the private key ML/DATA/IO_CRYPT.KEY must be in the current directory.

Compatibility:
The module contains some camera specific memory addresses, so it has to be ported for every model.
Cameras that are supported: 7D, 5D3, 60D, 600D, 650D
Next cameras being added: 5D2, 6D
If you have a different model and want to use/test the module, please post it here.

Disclaimer:
1. Do not do any illegal stuff with it.
2. It is meant for e.g. reporters whose security depends on the footage not being revealed or for securing sensible information
3. Dont rely on it. It will for sure somewhen fail and your footage is gone.
4. Dont cry when something goes badly wrong.


Download:
You can always download my latest build there
here is the windows console decrypter.


ToDo:
 - Show fake images instead of the standard canon error screen
 - background encryption for unsupported models. will scan, encrypt and save the images in background while your camera is idle.

[blade]

g33gg0

I would like to test and use this module. I only have a 650D, and I see that it is not supported. Is there a specific reason ( hardware limitations) for this?

Thanx

[g3gg0]

its no technical reason - i will look up the addresses and you can try if it works

[blade]

cool! looking forward

[g3gg0]

updated, can you d/l and try?

[Audionut]

I have no interest in this, but since you're getting no feedback, if you update it to 5D3.123 I'll run it through it paces.

[Michael Zöller]

I can do the 5d2 if you can find the addresses. Thanks!!

[eos]

Hello, World!


My setup:

Cam: 650D
shooting mode: P
IQ: Jpeg + RAW

ML: 06.02.14 nightly
io_crypt: 05.feb. 18:07
ime_base & ime_std:   09.12.13 (ime_base.zip von g3gg0)

blocksize: 128k (most of the time)


in short:

RSA does not work
Password works but also crashes the cam sometimes (but maybe its caused by the ime-modules i also tried for the first time)


in long:

When I'm on "Set password" and press SET or PLAY a failure message appears:
"IME error, Crypto disabled"
(sometimes this warning flickers)
--» needed some more time to realize the need for ime-modules

"Creating RSA key (2048 bits)
this may take a while"
(flickers)

Test: Speed      "Test done"
Test: RSA         "finished successfully"

kreating Key: ok
but menu says: "NoKeys!"

in playback after taking a shot:
"No key entered, not encrypting!"
and it really doesn't

when i shut the cam down, it kept displaying sensor cleaning
couldn't hear if it was actually vibrating (noisy surrounding)
Power off & power on
nothing
power off
no display but card-LED kept lighting
removed Battery


battery in & next power on:
everything seems ok
file Manager shows two extra files:
IO_CRYPT.CR2 & IO_CRYPT.DAT (both 20.0 MB)

At this piont i installed the ime-modules.
Password mode worked fine! I had pictures on card encrypted by two different passwords and could also display them after restarting the cam and typing the respective passwords.



Another time i started the cam this happened:
asked me to type a password
i typed it (same password i still have encrypted pics from on the card) and klicked "OK"
nothing happens
i klick OK for another time
IME-screen flickers one time
i klick OK for the third time
camera freezed


Another time:
after some time being idle the display shuts down
thought it would be normal standby but it doesn't react to any button and card-led is constant on.
took battery out
I can't remember in which Menu it has been.


back to the keys:
I tested keygeneration with different keysizes, sometimes in RSA-mode and sometimes in password mode.
I could not find a IO_CRYPT.KEY in ML/DATA/ on any of the two tested cards.
But it always said: "Creating RSA key (1024 bits) this may take a while"
Has there to be a confirmation message when the key is generated successfully?



@all devs:
Thank you for all the impressive features making our cams to entire new systems!

[Marsu42]

If you have a different model and want to use/test the module, please post it here.

... 6d here, is there any procedure on how to find the addresses? If I'm too dumb for this, I can still forward it to 1% for help :-p

1. Do not do any illegal stuff with it.
2. It is meant for e.g. reporters whose security depends on the footage not being revealed or for securing sensible information

I'd like to note that these two items are often mutually exclusive.

[g3gg0]

@all devs:
Thank you for all the impressive features making our cams to entire new systems![/b]

thanks for testing.

with ask-for-pw enabled, starting in LV/video mode can cause trouble.
so start in photo mode only. dont like that feature anyway and planning to remove it.

about RSA: yeah, found a bug that will most likely cause that problem.

will fix those.

[g3gg0]

okay can you test RSA on 650D again?

[eos]

with ask-for-pw enabled, starting in LV/video mode can cause trouble.
so start in photo mode only. dont like that feature anyway and planning to remove it.

Fortunately i had no time to test it in lv or movie.

I think ask-for-password-on-startup is a very helpful feature for forgetful people.
And it isn't anoying if you use one card exclusively for private things.
I don't need it today but i would really miss it in future!
What about leaving it in the comments for times with less features on the workbench?

[650D in M; with 07.febr. nightly & iocrypt from 06.feb 21:00]

disabled sensor cleaning (& ask-for-pw most of the time), formatted card and took a new ML installation (not copying files from zip over existing ML with all its configurations)
Since then i had no stability problems. There was only one display failure (disappearing after next button press; made a photo with my cellphone; can try to reproduce it).

but again RSA:
mode: rsa
test rsa: successful
create rsakey: files for private and public keys are there
                        but rest like yersterday (NoKey! in menu; no key while shooting)

[g3gg0]

fixed RSA for non-5D3 now hopefully

you now also can drag n drop files to the io_decrypt.exe, it will scan for the "io_crypt.key" from the generation process in camera.
dont forget to delete it from camera.

[g3gg0]

next step is adding support for the other cameras.

[1%]

How do I find these addresses... I looked via ram and its somewhere near CF/SD stuff. Nothing seems to link to it directly in FW and when I use memory browser the first one is a pointer to an FF address. The other area is empty.

[eos]

short:
in cam nice
RSA on pc not working
pw not testet on pc
decypt.exe does not work

long:
 
[650D; M; 8.feb nightly; iocrypt 8.feb 2:33; io_decrypt.exe 08.02; blocksize 128k]
 
ask-for-pw-on-startup: on
mode: RSA
keysize: 512
create rsa key
menu says: INSECURE!
key files exist
encryption passed!!!

but on pc:
DEcrypted files not readable (neither jpg nor raw) (only tried drag&drop)

removed io_crypt.key  from card
menu: "Active"
made a photo but could see it after power off/on
did not wait long enough for shutdown/clear RAM
wanted to take pics until RAM full
shot one
seemed to be encrypting
didn't wait
shot another one
error 70 (have a crashlog; but no dump)
battery out/in and extra off/on for modules to load
everything encrypted and fine

create 1024bit key
moved private key to B:/ML (foolish for sure but its only a test)
"Insecure!"
power off/on
"Active"
i dunno: is it me outsmarting the module or is it "The cleverer give in?" (<-- would be a nice message somewhere between/around "Insecure" and "active", but "foolish" would fit better into junkie menu. )

created 2048bit key
blocksize 256k
file manager doesn't show a new key

didn't wait long enough for kegeneration.
i think the "Creating RSA key... ...may take a while" didnt show up for a feeled minute. So i thougt it would be done already and i would have missed the confirmation message poppin up for a second.
Can u please make "Creating RSA key... ...take a while" showing up permanent or in equal time slots?
Additional imho the best would be a permanent "done"-message until a half-pressed shutter button.

btw: standby altough without trouble (tested a couple of times)

interesting for fools:
this time private key got moved to B:/. Menu kept showing "insecure" (Even after long shutdown).

.exe crashed with some files
many were 0Byte after decryption
not any working picture
one jpg is 16MB! (before & after decryption)
But didn't try the pw-protected ones per command line (simply tried everyone per drag&drop to save time).

[g3gg0]

How do I find these addresses... I looked via ram and its somewhere near CF/SD stuff. Nothing seems to link to it directly in FW and when I use memory browser the first one is a pointer to an FF address. The other area is empty.

i answered via mobile phone but it seems the browser didnt submit my post. argh...
ok then again.
(example 7D v2.0.3, slave)

finding iodev_table
1. starting point FIO_ReadFile at 0xFF1FC434
2. if file handle id is < 100, it enters 0xFF3279F4
3. there the first call is 0xFF08CFA8
4. this function references to 0x2D3B0 (pointers to tables of functions) and calls a function from there using BX
5. as we (always) use the third entry in that table, our iodev_table = 0x2D3B8 (it points to 0xFF58B350)

the function tables have these functions:
  0xFF58B350:
  DCD iodev_OpenFile
  DCD iodev_CloseFile
  DCD iodev_unsupported
  DCD iodev_ReadFile
  DCD iodev_WriteFile
  DCD iodev_unsupported
  DCD iodev_unsupported
  DCD iodev_unsupported_2
  DCD iodev_unsupported

finding iodev_ctx
1. go to iodev_OpenFile, which is at 0xFF458BBC (referenced in table found above)
2. enter the 3rd function 0xFF3E0D50. its the one with return value being checked (SUBS R5, R0, #0)
3. the first function (0xFF3E0958) being entered is allocating an fd.
4. this function references to 0x85510, so iodev_ctx = 0x85510

finding iodev_ctx_size
1. the same function as you used above (0xFF3E0958) goes through all entries
2. it adds 0x18 bytes per iteration, so iodev_ctx_size = 0x18

voila

[1%]

on 6D, traced back FIO_READFILE

Code: [Select]


0x9DEF8 -> ffB6DF3C
0x9DEFC -> FF9CC7AC
0x9DF00 -> 0x7380C
0x9DF04 -> FFC38890
0x9DF08  -> FFC38800


Unfortunately the list doesn't seem to match:

Code: [Select]

off_7380C       DCD FIO_unsupported     ; DATA XREF: sub_5558C+4o
RAM:0007380C                                         ; RAM:off_556F8o ...
RAM:00073810                 DCD sub_55344
RAM:00073814                 DCD FIO_unsupported
RAM:00073818                 DCD sub_54A4C
RAM:0007381C                 DCD sub_54C80
RAM:00073820                 DCD FIO_unsupported
RAM:00073824                 DCD FIO_unsupported
RAM:00073828                 DCD sub_55430
RAM:0007382C                 DCD sub_55418

0x9DF08  -> FFC38800

Looks Closer

Code: [Select]

off_FFC38800    DCD sub_FF8353F4        ; DATA XREF: EFAT_Match+4o
ROM:FFC38800                                         ; ROM:off_FF796A28o
ROM:FFC38804                 DCD sub_FF835250
ROM:FFC38808                 DCD FIO_unsupported
ROM:FFC3880C                 DCD sub_FF8355AC
ROM:FFC38810                 DCD sub_FF83563C
ROM:FFC38814                 DCD FIO_unsupported
ROM:FFC38818                 DCD FIO_unsupported
ROM:FFC3881C                 DCD sub_FF1515AC
ROM:FFC38820                 DCD FIO_unsupported

First function -> first call leads to:

Code: [Select]

STMFD   SP!, {R4-R8,LR}
ROM:FF7967CC                 LDR     R7, =dword_75E34
ROM:FF7967D0                 LDR     R4, [R0,#0x1C]
ROM:FF7967D4                 MOV     R6, R0

So maybe that is ctx?

50D

Code: [Select]

0x1F200 -> FFC11F8C
0x1F204 -> FFC0DDEC

0x1F208 -> FFC8168C

Last one seems to make sense:

Code: [Select]

ROM:FFC8168C off_FFC8168C    DCD sub_FFB075E0        ; DATA XREF: sub_FFB0791C+4Co
ROM:FFC8168C                                         ; ROM:off_FFB07DACo
ROM:FFC81690                 DCD sub_FFB0762C
ROM:FFC81694                 DCD FIO_unsupported_0
ROM:FFC81698                 DCD sub_FFB07664
ROM:FFC8169C                 DCD sub_FFB076AC
ROM:FFC816A0                 DCD FIO_unsupported_0
ROM:FFC816A4                 DCD FIO_unsupported_0
ROM:FFC816A8                 DCD sub_FF81B6B4
ROM:FFC816AC                 DCD sub_FFB076F4
ROM:FFC816B0                 DCD sub_FFB077C0
ROM:FFC816B4                 DCD sub_FFB0780C
ROM:FFC816B8                 DCD FIO_unsupported_0
ROM:FFC816BC                 DCD sub_FFB07844
ROM:FFC816C0                 DCD sub_FFB0788C
ROM:FFC816C4                 DCD FIO_unsupported_0
ROM:FFC816C8                 DCD FIO_unsupported_0
ROM:FFC816CC                 DCD sub_FF81B6B4
ROM:FFC816D0                 DCD sub_FFB078D4

But FFB699D8 function which should be third call of sub_FFB075E0  doesn't seem to operate any variables. Its like 50D is missing div function, I never see it subtracting.

hmm.. the 6D version is doing something, I can't read the photos but keys were generated.. they are 1KB (i picked smallest key size)

https://bitbucket.org/OtherOnePercent/tragic-lantern-6d/commits/ee19913b23023260ad87a33dea0edb56e2e48565

get some overflow errors from the backend however. also can't read back any pics... can't try the RSA because I can't compile the .exe

[eos]

[650D; M; 8.feb nightly; iocrypt 8.feb 2:33; io_decrypt.exe 08.feb]

To see, or not to see, that is the question:
While testing different settings i went to playback mode after pic 9. Then all encrypted pics schowed "Cannot playback image". But pic 5 & 6 showed the original photo in the same size as the question mark placeholder normally seen with "Cannot playback image".

I'd like to know how this works but my coding skills are way to crappy to grasp it by myself. Are thumbnail and 'big photo' at differend areas in ram before encryption (not packed in one file until written to card or a question of memory management)?

maybe linked:
By chance i saw an overflow about 10 minutes later (have dump).

[g3gg0]

i disabled scratch memory as i suspect it to cause trouble.
is it any better?

(get it from first post as always)

[1%]

No more overflows

0x9DF04 -> FFC38890
0x9DF08  -> FFC38800

Both of these produce encrypted files you can't decrypt... maybe the CTX is wrong?

[g3gg0]

hmm when encrypting works, then all is fine there.
you have the latest version without scratch?

[1%]

Yep, it works on 7D. The password version doesn't even work. Files just come out black when decrypted.

STMFD   SP!, {R4-R10,LR}
ROM:FF796594                 LDR     R4, =0xCC110
ROM:FF796598                 LDR     R6, =dword_75E2C
ROM:FF79659C                 

Found this and tryied both CC110 and 75E2c, still doesn't decrypt.

Maybe see if I'm doing something wrong in 6D?

[g3gg0]

Files just come out black when decrypted.

thats weird, because this means its decrypted fine, just the image content is black.
are you sure??

[1%]

Yea, I didn't take a black pic... either way on providing the correct pass I see a mini version of the thumbnail when I reboot the camera. Running it through IO_Crypt the file is blank and can't be opened by photoshop.

Password is AAA
http://ge.tt/5hq0NfJ1/v/0?c

        iodev_table = 0x9DF08;
        iodev_ctx = 0xCC110;
        iodev_ctx_size = 0x20;